Re: A fix for main mode with preshared keys
On Mon, 13 Dec 1999 11:59:25 +0300 you wrote
> >
> > What problem? It would help if you could say exactly what you're trying to
> > solve. It started out as a way to not require keys to be bound to an IP
> > address. But that problem is solved. So what is it that you're trying to
> > solve now?
>
> I think the problem is to not require keys to be bound to an IP address
> while using Main Mode. Your solution doesn't solve this problem, while
> Hugo's does. And besides, Hugo's solution makes policy lookup in IKE
> more uniform - you always rely only on ID payload content regardless of
> IKE's mode of operation.
That's not a problem, that's a feature request. What is the problem that
not binding a pre-shared key to an IP address in Main Mode would solve?
Would Base Mode with ID_KEY_ID-based pre-shared keys not solve that problem
as well? Would RSA (or El-Gamal) encrypted nonces not solve that problem
as well?
Dan.